[Openid-specs-fapi] FAPI part 2: Signaling request_uri is one-time use

Vladimir Dzhuvinov vladimir at connect2id.com
Thu Jul 27 08:02:52 UTC 2017


Hi,

Part 2 of the FAPI specifies an endpoint where clients can upload their
request JWTs. The spec says that the request URI which the server
creates on behalf of the client should be preferably one-time use. At
present there is a way to signal request URI expiration (exp), but not
when the URI is one-time use:

http://openid.net/specs/openid-financial-api-part-2.html#successful-response

I wonder how this information can be conveyed to the client?

I suppose "exp" and one-time use are not mutually exclusive?


Vladimir


PS: The strings in the JSON example are single quoted; for valid JSON I
believe they should have double quotes.
